From e99b17520d76379cff36d31adbfe8dfe04988f68 Mon Sep 17 00:00:00 2001
From: zjhe
Date: Mon, 10 Feb 2025 11:21:51 +0800
Subject: [PATCH] remove exists function since we cannot use not exists() check, nor a not_exists() function
---
 .../microsoft_network_applicationGateways_zones.rego | 2 +-
 ...microsoft_network_loadBalancers_outbound_rules.rego | 2 +-
 .../network/azurerm_application_gateway_zones.rego | 2 +-
 policy/common/common.utils.rego | 10 +++-------
 4 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/policy/Azure-Proactive-Resiliency-Library-v2/azapi/network/microsoft_network_applicationGateways_zones.rego b/policy/Azure-Proactive-Resiliency-Library-v2/azapi/network/microsoft_network_applicationGateways_zones.rego
index c3914f5..03cf6d3 100644
--- a/policy/Azure-Proactive-Resiliency-Library-v2/azapi/network/microsoft_network_applicationGateways_zones.rego
+++ b/policy/Azure-Proactive-Resiliency-Library-v2/azapi/network/microsoft_network_applicationGateways_zones.rego
@@ -3,7 +3,7 @@ package Azure_Proactive_Resiliency_Library_v2.Microsoft_Network_applicationGatew
 import rego.v1
 valid_zones(resource) if {
- data.utils.exists(resource.values.body.zones)
+ resource.values.body.zones == resource.values.body.zones
 count(resource.values.body.zones) >= 2
 }
diff --git a/policy/Azure-Proactive-Resiliency-Library-v2/azapi/network/microsoft_network_loadBalancers_outbound_rules.rego b/policy/Azure-Proactive-Resiliency-Library-v2/azapi/network/microsoft_network_loadBalancers_outbound_rules.rego
index 756e17b..98502d0 100644
--- a/policy/Azure-Proactive-Resiliency-Library-v2/azapi/network/microsoft_network_loadBalancers_outbound_rules.rego
+++ b/policy/Azure-Proactive-Resiliency-Library-v2/azapi/network/microsoft_network_loadBalancers_outbound_rules.rego
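Review bot: In `valid_zones` (microsoft_network_applicationGateways_zones.rego) the new guard `resource.values.body.zones == resource.values.body.zones` reads as a tautology, and nothing tells a maintainer it exists only to make the rule undefined when `zones` is absent. It also succeeds for any defined value, so a string of two or more characters would go on to satisfy `count(...) >= 2` and pass the zone-redundancy check. A type guard states the intent and rejects unexpected shapes: `is_array(resource.values.body.zones)`. The same applies to `resource.values.zones` in azurerm_application_gateway_zones.rego.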
@@ -7,7 +7,7 @@ valid_outbound_rules(resource) if {
 }
 valid_outbound_rules(resource) if {
- not resource.values.body.properties.outboundRules
+ not resource.values.body.properties.outboundRules == resource.values.body.properties.outboundRules
 }
 deny_use_nat_gateway_instead_of_outbound_rules_for_production_load_lalancer contains reason if {
diff --git a/policy/Azure-Proactive-Resiliency-Library-v2/azurerm/network/azurerm_application_gateway_zones.rego b/policy/Azure-Proactive-Resiliency-Library-v2/azurerm/network/azurerm_application_gateway_zones.rego
index beda7af..7ac52b7 100644
--- a/policy/Azure-Proactive-Resiliency-Library-v2/azurerm/network/azurerm_application_gateway_zones.rego
+++ b/policy/Azure-Proactive-Resiliency-Library-v2/azurerm/network/azurerm_application_gateway_zones.rego
@@ -3,7 +3,7 @@ package Azure_Proactive_Resiliency_Library_v2.azurerm_application_gateway
 import rego.v1
 valid_zones(resource) if {
- data.utils.exists(resource.values.zones)
+ resource.values.zones == resource.values.zones
 count(resource.values.zones) >= 2
 }
diff --git a/policy/common/common.utils.rego b/policy/common/common.utils.rego
index b072103..60925f3 100644
--- a/policy/common/common.utils.rego
+++ b/policy/common/common.utils.rego
@@ -3,7 +3,7 @@ package utils
 import rego.v1
 _resource(_input) := output if {
- exists(_input.plan.resource_changes)
+ _input.plan.resource_changes == _input.plan.resource_changes
 output := {
 body |
 r := _input.plan.resource_changes[_]
@@ -17,7 +17,7 @@ _resource(_input) := output if {
 }
 _resource(_input) := output if {
- exists(_input.resource_changes)
+ _input.resource_changes == _input.resource_changes
 output := {
 body |
 r := _input.resource_changes[_]
@@ -31,7 +31,7 @@ _resource(_input) := output if {
 }
 _resource(_input) := output if {
- exists(_input.values.root_module.resources)
+ _input.values.root_module.resources == _input.values.root_module.resources
 output := {
 body |
 r := _input.values.root_module.resources[_]
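Review bot: The new line in the second `valid_outbound_rules` body, `not resource.values.body.properties.outboundRules == resource.values.body.properties.outboundRules`, only works because `not` applies to the whole comparison and the comparison is undefined for a missing path; neither is obvious on reading. This body decides whether a load balancer passes, so a well-meant simplification of the line could silently flip the verdict. I would add a comment above it: `# passes only when outboundRules is absent: x == x is undefined for a missing path, so "not" succeeds`. The old `not <ref>` form also succeeded for a literal `false` and the new form does not; that is presumably irrelevant for an array field but worth confirming. The first `valid_outbound_rules` body starts outside the hunk.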
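Review bot: The `x == x` guard at the top of each `_resource` body in policy/common/common.utils.rego succeeds for any defined value, so a `resource_changes` that is present but `null` or not a collection still selects that body. The comprehension then presumably yields an empty set, and rules built on it would have nothing to evaluate, letting the plan pass unchecked. If these inputs are always arrays, as in Terraform's JSON output, guard on shape instead: `is_array(_input.plan.resource_changes)`. The same applies to `_input.resource_changes` (hunk at -17) and `_input.values.root_module.resources` (hunk at -31). The comprehension bodies continue outside the hunks, so how an empty or undefined result is treated downstream needs confirming.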
@@ -51,10 +51,6 @@ resource |
 resource.type == resource_type
 }
-exists(x) if {
- x == x
-}
-
 is_create_or_update(change_actions) if {
 change_actions[count(change_actions) - 1] == ["create", "update"][_]
 }